Measuring the accuracy of software vulnerability assessments: experiments with students and professionals

Assessing the risks of software vulnerabilities is a key process of software development and security management. This assessment requires to consider multiple factors (technical features, operational environment, involved assets, status of the vulnerability lifecycle, etc.) and may depend from the assessor's knowledge and skills. In this work, we tackle with an important part of this problem by measuring the accuracy of technical vulnerability assessments by assessors with dierent level and type of knowledge. We report an experiment to compare how accurately students with dierent technical education and security professionals are able to assess the severity of software vulnerabilities with the Common Vulnerability Scoring System (v3) industry methodology. Our results could be useful for increasing awareness about the intrinsic subtleties of vulnerability risk assessment and possibly better compliance with regulations. With respect to academic education, professional training and human resources selections our work suggests that measuring the effects of knowledge and expertise on the accuracy of software security assessments is feasible albeit not easy

Singling out the effect of quenched disorder in the phase diagram of cuprates

We investigate the specific influence of structural disorder on the suppression of antiferromagnetic order and on the emergence of cuprate superconductivity. We single out pure disorder, by focusing on a series of Y$_{z}$Eu$_{1-z}$Ba$_2$Cu$_3$O$_{6+y}$ samples at fixed oxygen content $y=0.35$, in the range $0\le z\le 1$. The gradual Y/Eu isovalent substitution smoothly drives the system through the Mott-insulator to superconductor transition from a full antiferromagnet with N\'eel transition $T_N=320$ K at $z=0$ to a bulk superconductor with superconducting critical temperature $T_c=18$ K at $z=1$, YBa$_2$Cu$_3$O$_{6.35}$. The electronic properties are finely tuned by gradual lattice deformations induced by the different cationic radii of the two lanthanides, inducing a continuous change of the basal Cu(1)-O chain length, as well as a controlled amount of disorder in the active Cu(2)O$_2$ bilayers. We check that internal charge transfer from the basal to the active plane is entirely responsible for the doping of the latter and we show that superconductivity emerges with orthorhombicity. By comparing transition temperatures with those of the isoelectronic clean system we deterime the influence of pure structural disorder connected with the Y/Eu alloy.Comment: 10 pages 11 figures, submitted to Journal of Physics: Condensed Matter, Special Issue in memory of Prof. Sandro Massid

The asymmetric diffusion of trust between communities: simulations in dynamic social networks

In this work, we present a model of social network showing non-trivial effects on the dynamics of trust and communication. Our model's results meet the characteristics of a typical social network, such as the limited node degree, assortativeness, clustering and communities formation. Simulations have been run first to present some of the most fundamental relations among the main model's attributes. Next, we focused on the emerging asymmetry with which trust develops within different communities in a network. In particular, we considered categories of nodes differing for their communication profiles and a specific example of bridge between two communities. The results are discussed to provide insights about the dynamic formation of communities based on trust relations. These results are the basis for future works with the aim of better understanding the dynamics of the diffusion of trust and its influence on a growing social network

Effect of two gaps on the flux lattice internal field distribution: evidence of two length scales from muSR in Mg1-xAlxB2

We have measured the transverse field muon spin precession in the flux lattice (FL) state of the two gap superconductor MgB2 and of the electron doped compounds Mg1-xAlxB2 in magnetic fields up to 2.8T. We show the effect of the two gaps on the internal field distribution in the FL, from which we determine two coherence length parameters and the doping dependence of the London penetration depth. This is an independent determination of the complex vortex structure already suggested by the STM observation of large vortices in a MgB2 single crystal. Our data agrees quantitatively with STM and we thus validate a new phenomenological model for the internal fields.Comment: now in press Phys. Rev. Lett., small modifications required by the edito

Nanoscale phase separation in manganites

We study the possibility of nanoscale phase separation in manganites in the framework of the double exchange model. The homogeneous canted state of this model is proved to be unstable toward the formation of small ferromagnetic droplets inside an antiferromagnetic insulating matrix. For the ferromagnetic polaronic state we analyze the quantum effects related to the tails of electronic wave function and a possibility of electron hopping in the antiferromagnetic background. We find that these effects lead to the formation of the threshold for the polaronic state.Comment: 10 pages, 2 figures, invited talk on the workshop on Strongly Correlated Electrons in New Materials (SCENM02), Loughborough (UK). submitted to Journal of Physics A: Mathematical and Genera

Electron localization and possible phase separation in the absence of a charge density wave in single-phase 1T-VS2_2

We report on a systematic study of the structural, magnetic and transport properties of high-purity 1T-VS$_2$ powder samples prepared under high pressure. The results differ notably from those previously obtained by de-intercalating Li from LiVS$_2$. First, no Charge Density Wave (CDW) is found by transmission electron microscopy down to 94 K. Though, \textit{ab initio} phonon calculations unveil a latent CDW instability driven by an acoustic phonon softening at the wave vector ${\bf q}_{CDW} \approx$ (0.21,0.21,0) previously reported in de-intercalated samples. A further indication of latent lattice instability is given by an anomalous expansion of the V-S bond distance at low temperature. Second, infrared optical absorption and electrical resistivity measurements give evidence of non metallic properties, consistent with the observation of no CDW phase. On the other hand, magnetic susceptibility and NMR data suggest the coexistence of localized moments with metallic carriers, in agreement with \textit{ab initio} band structure calculations. This discrepancy is reconciled by a picture of electron localization induced by disorder or electronic correlations leading to a phase separation of metallic and non-metallic domains in the nm scale. We conclude that 1T-VS$_2$ is at the verge of a CDW transition and suggest that residual electronic doping in Li de-intercalated samples stabilizes a uniform CDW phase with metallic properties.Comment: 22 pages, 10 Figures. Full resolution pictures available at http://journals.aps.org/prb/abstract/10.1103/PhysRevB.89.23512

Data Modelling for Predicting Exploits

Modern society is becoming increasingly reliant on secure computer systems. Predicting which vulnerabilities are more likely to be exploited by malicious actors is therefore an important task to help prevent cyber attacks. Researchers have tried making such predictions using machine learning. However, recent research has shown that the evaluation of such models require special sampling of training and test sets, and that previous models would have had limited utility in real world settings. This study further develops the results of recent research through the use of their sampling technique for evaluation in combination with a novel data model. Moreover, contrary to recent research, we find that using open web data can help in making better predictions about exploits, and that zero-day exploits are detrimental to the predictive powers of the model. Finally, we discovered that the initial days of vulnerability information is sufficient to make the best possible model. Given our findings, we suggest that more research should be devoted to develop refined techniques for building predictive models for exploits. Gaining more knowledge in this domain would not only help preventing cyber attacks but could yield fruitful insights in the nature of exploit development

Impact of Mn-Pn intermixing on magnetic properties of an intrinsic magnetic topological insulator: the µSR perspective

We investigated the magnetic properties of polycrystalline samples of the intrinsic magnetic topological insulators MnPn2Te4, with pnictogen Pn = Sb, Bi, by bulk magnetization and μSR. DC susceptibility detects the onset of magnetic ordering at TN = 27 K and 24 K and a field dependence of the macroscopic magnetization compatible with ferri- (or ferro-) and atiferro- magnetic ordering, respectively. Weak transverse field (wTF) Muon Spin Rotation (μSR) confirms the homogeneous bulk nature of magnetic ordering at the same two distinct transition temperatures. Zero Field (ZF) μSR shows that the Sb based material displays a broader distribution of internal field at the muon, in accordance with a larger deviation from the stoichiomectric composition and a higher degree of positional disorder (Mn at the Pn(6c) site), which however does not affect significantly the sharpness of the thermodynamic transition, as detected by the muon magnetic volume fraction and the observability of a critical divergence in the longitudinal and transverse muon relaxation rates

Effective conductivity of 2D isotropic two-phase systems in magnetic field

Using the linear fractional transformation, connecting effective conductivities sigma_{e} of isotropic two-phase systems with and without magnetic field, explicit approximate expressions for sigma_{e} in a magnetic field are obtained. They allow to describe sigma_{e} of various inhomogeneous media at arbitrary phase concentrations x and magnetic fields. the x-dependence plots of sigma_e at some values of inhomogeneity and magnetic field are constructed. Their behaviour is qualitatively compatible with the existing experimental data. The obtained results are applicable for different two-phase systems (regular and nonregular as well as random), satisfying the symmetry and self-duality conditions, and admit a direct experimental checking.Comment: 9 pages, 2 figures, Latex2e, small corrections and new figure